diff options
| -rw-r--r-- | deployment/keys/guix/mcdowell-signing-key.pub | 6 | ||||
| -rw-r--r-- | deployment/keys/guix/rakan-signing-key.pub | 6 | ||||
| -rw-r--r-- | deployment/systems/mcdowell.scm | 22 | ||||
| -rw-r--r-- | deployment/systems/rakan.scm | 12 |
4 files changed, 44 insertions, 2 deletions
diff --git a/deployment/keys/guix/mcdowell-signing-key.pub b/deployment/keys/guix/mcdowell-signing-key.pub new file mode 100644 index 0000000..358fdc0 --- /dev/null +++ b/deployment/keys/guix/mcdowell-signing-key.pub @@ -0,0 +1,6 @@ +(public-key + (ecc + (curve Ed25519) + (q #FDA720ED167E05AB735182D887A450DCD534A85F2697DE421E49CA043FC01E4D#) + ) + ) diff --git a/deployment/keys/guix/rakan-signing-key.pub b/deployment/keys/guix/rakan-signing-key.pub new file mode 100644 index 0000000..358fdc0 --- /dev/null +++ b/deployment/keys/guix/rakan-signing-key.pub @@ -0,0 +1,6 @@ +(public-key + (ecc + (curve Ed25519) + (q #FDA720ED167E05AB735182D887A450DCD534A85F2697DE421E49CA043FC01E4D#) + ) + ) diff --git a/deployment/systems/mcdowell.scm b/deployment/systems/mcdowell.scm index ae1ea16..c238f48 100644 --- a/deployment/systems/mcdowell.scm +++ b/deployment/systems/mcdowell.scm @@ -35,7 +35,8 @@ #:use-module ( (sovereign systems) #:prefix sovereign:systems:) #:use-module ( (users id1000) - #:prefix users:id1000:)) + #:prefix users:id1000:) + #:use-module (guix gexp)) (define system-name "mcdowell") @@ -64,6 +65,22 @@ (inherit sovereign:devices:swap/no-trim) (target l-target)))) +(define rakan-machine + #~(build-machine + (name "rakan") + (systems (list "x86_64-linux" + "i686-linux")) + (user "marek") + (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ root@mcdowell") + (private-key "/home/marek/.ssh/id_ed25519"))) + +(define guix-offload-rakan + (let + ( (l-signing-key (local-file "../keys/guix/rakan-signing-key.pub"))) + (gnu:services:base:guix-extension + (authorized-keys (list l-signing-key)) + (build-machines (list rakan-machine))))) + (define system (let* ( (l-guix-homes (list users:id1000:name/home-environment)) @@ -78,6 +95,9 @@ (l-services (cons* l-guix-home-service (gnu:services:service gnu:services:ssh:openssh-service-type) sovereign:packages:protonmail:nogui-profile + (gnu:services:simple-service 'offload-rakan + gnu:services:base:guix-service-type + guix-offload-rakan) sovereign:systems:%sovereign-services)) (l-swap-devices (list swap)) (l-users (cons* users:id1000:uid1000-account diff --git a/deployment/systems/rakan.scm b/deployment/systems/rakan.scm index 93100c2..c952472 100644 --- a/deployment/systems/rakan.scm +++ b/deployment/systems/rakan.scm @@ -31,7 +31,8 @@ #:use-module ( (sovereign systems) #:prefix sovereign:systems:) #:use-module ( (users id1000) - #:prefix users:id1000:)) + #:prefix users:id1000:) + #:use-module (guix gexp)) (define system-name "rakan") @@ -60,6 +61,12 @@ (inherit sovereign:devices:swap/no-trim) (target l-target)))) +(define guix-offload-authorizations + (let + ( (l-mcdowell-key (local-file "../keys/guix/mcdowell-signing-key.pub"))) + (gnu:services:base:guix-extension + (authorized-keys (list l-mcdowell-key))))) + (define guix-publish-configuration (gnu:services:base:guix-publish-configuration (host "0.0.0.0") @@ -83,6 +90,9 @@ gnu:system:linux-initrd:%base-initrd-modules)) (l-services (cons* l-guix-home-service guix-publish-service + (gnu:services:simple-service 'offload-authorizations + gnu:services:base:guix-service-type + guix-offload-authorizations) (gnu:services:service gnu:services:ssh:openssh-service-type) sovereign:packages:protonmail:nogui-profile sovereign:systems:%sovereign-services)) |